如何将 ip_restriction 块添加到 Terraform Azure Function App site_config?
How can I add an ip_restriction block to Terraform Azure Function App site_config?
我已经使用 Terraform 创建了一个 Azure Function App,现在我想向该函数应用添加一些 IP 限制,但我似乎无法获得正确的语法。
site_config 块接受一个 ip_restriction 对象列表,在我的例子中我使用只有一个。 ip_restriction 'type' 可以是 ipaddress, service_tag 或 virtual_network_subnet_id。每个 ip_restriction.
只能指定一种类型
在尝试了各种设置语法的方法后,我最终创建了一个函数应用程序,然后手动设置了 IP 限制,然后查看了 Azure 中对象的 JSON。有了这些信息(明白了吗?),我尝试将相同的选项添加到我的 Terraform 代码中,如下所示:
resource "azurerm_function_app" "example" {
name = "ssc-dom-test-fnap01"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
version = "~3"
site_config {
ip_restriction = [
{
"action": "Allow",
"headers": [],
"ip_address": "",
"name": "AzureCloudIn",
"priority": 102,
"service_tag": "AzureCloud",
"virtual_network_subnet_id": ""
}
]
}
}
但是,如果我现在 运行 terraform validate 我会收到错误消息:
│
│ with azurerm_function_app.example,
│ on main.tf line 34, in resource "azurerm_function_app" "example":
│ 34: site_config {
│
╵
╷
│ Error: expected "site_config.0.ip_restriction.0.ip_address" to not be an empty string, got
│
│ with azurerm_function_app.example,
│ on main.tf line 34, in resource "azurerm_function_app" "example":
│ 34: site_config {
我已经尝试注释掉 ip_address 和 virtual_network_subnet_id 选项并完全删除它们,但我无法获得有效的语法。
resource "azurerm_function_app" "example" {
name = "ssc-dom-fnap-001"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
version = "~3"
site_config {
ip_restriction {
ip_address = "62.255.234.81/32"
priority = 100
name = "SCTS Access Only"
}
}
}
基本上就是这样的语法
我已经使用 Terraform 创建了一个 Azure Function App,现在我想向该函数应用添加一些 IP 限制,但我似乎无法获得正确的语法。
site_config 块接受一个 ip_restriction 对象列表,在我的例子中我使用只有一个。 ip_restriction 'type' 可以是 ipaddress, service_tag 或 virtual_network_subnet_id。每个 ip_restriction.
只能指定一种类型在尝试了各种设置语法的方法后,我最终创建了一个函数应用程序,然后手动设置了 IP 限制,然后查看了 Azure 中对象的 JSON。有了这些信息(明白了吗?),我尝试将相同的选项添加到我的 Terraform 代码中,如下所示:
resource "azurerm_function_app" "example" {
name = "ssc-dom-test-fnap01"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
version = "~3"
site_config {
ip_restriction = [
{
"action": "Allow",
"headers": [],
"ip_address": "",
"name": "AzureCloudIn",
"priority": 102,
"service_tag": "AzureCloud",
"virtual_network_subnet_id": ""
}
]
}
}
但是,如果我现在 运行 terraform validate 我会收到错误消息:
│
│ with azurerm_function_app.example,
│ on main.tf line 34, in resource "azurerm_function_app" "example":
│ 34: site_config {
│
╵
╷
│ Error: expected "site_config.0.ip_restriction.0.ip_address" to not be an empty string, got
│
│ with azurerm_function_app.example,
│ on main.tf line 34, in resource "azurerm_function_app" "example":
│ 34: site_config {
我已经尝试注释掉 ip_address 和 virtual_network_subnet_id 选项并完全删除它们,但我无法获得有效的语法。
resource "azurerm_function_app" "example" {
name = "ssc-dom-fnap-001"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
version = "~3"
site_config {
ip_restriction {
ip_address = "62.255.234.81/32"
priority = 100
name = "SCTS Access Only"
}
}
}
基本上就是这样的语法